HIPAA compliance will be getting more complicated in 2023. The penalties and fines for non-compliance could cost you a lot. So, don’t get caught on the back foot.
The latest Centers for Medicare and Medicaid Services (CMS) rules include new guidelines on protecting patient health information. The impact extends HIPAA beyond its current call recording rules and ‘covered entities’ now include US insurance companies, third-party marketing organizations (TPMOs) and the healthcare sector that promotes healthcare products.
The CMS Final Rule 2023 went into effect in September 2022 and applies to enrollments from January 1, 2023.
Colossal Impact on Call Recording
The CMS Final Rule will have a significant impact on call recording compliance. Companies, who until now have made do with the native recorders that came with traditional hosted telephony, could find themselves in breach of the new regulations. It’s likely that they will need to upgrade.
Native recording solutions have limits. And usually, they’re not secure. They’re not set up for long-term (10-year) storage. They aren’t easily accessible.
“CMS Final Rule will create a huge increase in mandatory recording across the US,” said Phillip Reynolds, Founder and CEO of Oak Innovation. “Thus far, the call recording requirement chiefly affected financial services. Now it’s the healthcare sector which is enormous. It’s also being driven by celebrity endorsements to sell healthcare products, which in reality aren’t quite as promised. So, it’s a way to regulate the industry,” Reynolds explained.”
CMS Final Rule extends HIPAA to includes business associates and anyone with access to patient information or who provides support and treatment, payment or operations, and those who market them.
“The crucial part of CMS Final Rule is that compliance now extends to the TPMO,” Reynolds said. “Now you have to be secure about everything in every way. That’s what it says.”
What Are the New CMS Call Recording Requirements?
The new rule applies to all healthcare agents who enrol beneficiaries in new plans.
- Enrollment means all points of contact from awareness to completion of the sale.
- Call recording includes all types of video calls and walkthroughs/screen-sharing.
- If clients don’t want to be recorded, the call must end.
- Every call must include a verbal disclaimer.
- Call recordings must be stored in a HIPAA-compliant manner for at least ten years.
- Recordings must be secure and easily searchable.
- They must be encrypted and can only be unencrypted at the court’s direction, or the request of the parties involved.
Oak Innovation’s Clarify and ClarifyGo Support CMS and HIPAA
Oak Innovation offers a complete and field-tested compliance call recording solution. Clarify, and ClarifyGo offer the following:
- Calls are automatically recorded (no need to press a button manually)
- Records video and walkthroughs/screens as well as audio
- 256-bit AES encryption
- Policy-based access to recordings
- Reports on CMS and HIPAA-related activity (who accessed which recordings, any deleted, shared)
- Recordings can be stored as long as needed (10+ years)
- ‘Legal Hold’ is a feature that tags recordings being used in a legal case to ensure they aren’t automatically deleted after ten years.
- Oak provides a policy agreement when providing recording services to the buyer ‘covered entity’
- Microsoft Teams and on-premise support.
“It’s really about protecting patient confidentiality and patient health information from getting into the wrong hands, Reynolds said.
Click here to find out more about Oak Innovation’s Clarify and ClarifyGo.
from UC Today https://ift.tt/5DOuB3N
0 Comments